From: Alexandre Ghiti
Date: Thu, 15 May 2025 09:10:08 +0200
Subject: Re: [PATCH v15 22/27] riscv: enable kernel access to shadow stack memory via FWFT sbi call
To: Deepak Gupta, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", Andrew Morton, "Liam R. Howlett", Vlastimil Babka, Lorenzo Stoakes, Paul Walmsley, Palmer Dabbelt, Albert Ou, Conor Dooley, Rob Herring, Krzysztof Kozlowski, Arnd Bergmann, Christian Brauner, Peter Zijlstra, Oleg Nesterov, Eric Biederman, Kees Cook, Jonathan Corbet, Shuah Khan, Jann Horn, Conor Dooley, Miguel Ojeda, Alex Gaynor, Boqun Feng, Gary Guo, Björn Roy Baron, Benno Lossin, Andreas Hindborg, Alice Ryhl, Trevor Gross
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-riscv@lists.infradead.org, devicetree@vger.kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, alistair.francis@wdc.com, richard.henderson@linaro.org, jim.shu@sifive.com, andybnac@gmail.com, kito.cheng@sifive.com, charlie@rivosinc.com, atishp@rivosinc.com, evan@rivosinc.com, cleger@rivosinc.com, alexghiti@rivosinc.com, samitolvanen@google.com, broonie@kernel.org, rick.p.edgecombe@intel.com, rust-for-linux@vger.kernel.org, Zong Li
In-Reply-To: <20250502-v5_user_cfi_series-v15-22-914966471885@rivosinc.com>

Hi Deepak, On 03/05/2025 01:30, Deepak Gupta wrote: > Kernel will have to perform shadow stack operations on user shadow stack. > Like during signal delivery and sigreturn, shadow stack token must be > created and validated respectively. Thus shadow stack access for kernel > must be enabled. > > In future when kernel shadow stacks are enabled for linux kernel, it must > be enabled as early as possible for better coverage and prevent imbalance > between regular stack and shadow stack. 
After `relocate_enable_mmu` has > been done, this is as early as possible it can enabled. > > Reviewed-by: Zong Li > Signed-off-by: Deepak Gupta > --- > arch/riscv/kernel/asm-offsets.c | 4 ++++ > arch/riscv/kernel/head.S | 27 +++++++++++++++++++++++++++ > 2 files changed, 31 insertions(+) > > diff --git a/arch/riscv/kernel/asm-offsets.c b/arch/riscv/kernel/asm-offsets.c > index f33945432f8f..7ab41f01aa17 100644 > --- a/arch/riscv/kernel/asm-offsets.c > +++ b/arch/riscv/kernel/asm-offsets.c > @@ -514,4 +514,8 @@ void asm_offsets(void) > DEFINE(FREGS_A6, offsetof(struct __arch_ftrace_regs, a6)); > DEFINE(FREGS_A7, offsetof(struct __arch_ftrace_regs, a7)); > #endif > + DEFINE(SBI_EXT_FWFT, SBI_EXT_FWFT); > + DEFINE(SBI_EXT_FWFT_SET, SBI_EXT_FWFT_SET); > + DEFINE(SBI_FWFT_SHADOW_STACK, SBI_FWFT_SHADOW_STACK); > + DEFINE(SBI_FWFT_SET_FLAG_LOCK, SBI_FWFT_SET_FLAG_LOCK); kernel test robot reported errors when !RV64 and !SBI, the following diff fixes it: diff --git a/arch/riscv/kernel/asm-offsets.c b/arch/riscv/kernel/asm-offsets.c index 7fc085d27ca79..3aa5f56a84e9a 100644 --- a/arch/riscv/kernel/asm-offsets.c +++ b/arch/riscv/kernel/asm-offsets.c @@ -532,8 +532,10 @@ void asm_offsets(void)         DEFINE(FREGS_A6,            offsetof(struct __arch_ftrace_regs, a6));         DEFINE(FREGS_A7,            offsetof(struct __arch_ftrace_regs, a7));  #endif +#ifdef CONFIG_RISCV_SBI         DEFINE(SBI_EXT_FWFT, SBI_EXT_FWFT);         DEFINE(SBI_EXT_FWFT_SET, SBI_EXT_FWFT_SET);         DEFINE(SBI_FWFT_SHADOW_STACK, SBI_FWFT_SHADOW_STACK);         DEFINE(SBI_FWFT_SET_FLAG_LOCK, SBI_FWFT_SET_FLAG_LOCK); +#endif  } No need to resend the whole series, I'll squash it. Thanks, Alex > } > diff --git a/arch/riscv/kernel/head.S b/arch/riscv/kernel/head.S > index 356d5397b2a2..7eae9a172351 100644 > --- a/arch/riscv/kernel/head.S > +++ b/arch/riscv/kernel/head.S > @@ -15,6 +15,7 @@ > #include > #include > #include > +#include > #include "efi-header.S" > > __HEAD 
> @@ -164,6 +165,19 @@ secondary_start_sbi: > call relocate_enable_mmu > #endif > call .Lsetup_trap_vector > +#if defined(CONFIG_RISCV_SBI) && defined(CONFIG_RISCV_USER_CFI) > + li a7, SBI_EXT_FWFT > + li a6, SBI_EXT_FWFT_SET > + li a0, SBI_FWFT_SHADOW_STACK > + li a1, 1 /* enable supervisor to access shadow stack access */ > + li a2, SBI_FWFT_SET_FLAG_LOCK > + ecall > + beqz a0, 1f > + la a1, riscv_nousercfi > + li a0, CMDLINE_DISABLE_RISCV_USERCFI_BCFI > + REG_S a0, (a1) > +1: > +#endif > scs_load_current > call smp_callin > #endif /* CONFIG_SMP */ > @@ -320,6 +334,19 @@ SYM_CODE_START(_start_kernel) > la tp, init_task > la sp, init_thread_union + THREAD_SIZE > addi sp, sp, -PT_SIZE_ON_STACK > +#if defined(CONFIG_RISCV_SBI) && defined(CONFIG_RISCV_USER_CFI) > + li a7, SBI_EXT_FWFT > + li a6, SBI_EXT_FWFT_SET > + li a0, SBI_FWFT_SHADOW_STACK > + li a1, 1 /* enable supervisor to access shadow stack access */ > + li a2, SBI_FWFT_SET_FLAG_LOCK > + ecall > + beqz a0, 1f > + la a1, riscv_nousercfi > + li a0, CMDLINE_DISABLE_RISCV_USERCFI_BCFI > + REG_S a0, (a1) > +1: > +#endif > scs_load_current > > #ifdef CONFIG_KASAN >
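
Review bot: In the asm-offsets.c fixup, the new guard is `#ifdef CONFIG_RISCV_SBI` alone, while both head.S users of these four constants sit under `#if defined(CONFIG_RISCV_SBI) && defined(CONFIG_RISCV_USER_CFI)`. Using the same condition in both files would limit the generated offsets to the configurations that consume them and make the dependency obvious; if the wider guard is intentional, a one-line comment above the `#ifdef` would say so. The report mentions both !RV64 and !SBI, so the squashed commit message should also state how an SBI-only guard covers the !RV64 build.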
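
Review bot: In the secondary_start_sbi hunk, the failure path after `ecall` ends in `REG_S a0, (a1)`, which replaces the whole of `riscv_nousercfi` with CMDLINE_DISABLE_RISCV_USERCFI_BCFI rather than setting that bit, and it runs on every secondary hart that sees a non-zero a0. If `riscv_nousercfi` can hold other flags, they are lost here; loading the value, OR-ing the bit in and storing it back would preserve them. Any non-zero return is also handled the same way, so a comment saying which SBI errors are expected at this point, and what the intended behaviour is when the boot hart succeeded but a later hart fails, would make the fallback reviewable.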
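
Review bot: The FWFT sequence in the _start_kernel hunk duplicates the one in secondary_start_sbi line for line, so a later fix to one site can miss the other; a single assembler macro invoked at both places would keep them in step. The sequence overwrites a0, a1, a2, a6 and a7, and a short comment stating that these registers are dead at both call sites would save the next reader from checking. The inline comment `/* enable supervisor to access shadow stack access */` repeats "access" and could read "enable supervisor access to shadow stack".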